The US National Institute of Standards and Technology (NIST) has issued new guidelines for password security that turn accepted wisdom about creating long strings of letters, numbers and symbols on its head.
Key changes in NIST’s new digital identity guidelines include:
- Don’t arbitrarily mix letters, numbers and symbols to make a password. Instead, create passwords that are more memorable.
- Single dictionary words, the user’s street address or numeric sequences such as 1234567 should be banned.
- Organisations should screen the strength of their passwords against those used in cybercriminal dictionary attacks; a method of breaking into a password-protected computer or server by systematically entering every word in a dictionary as a password.
- Stop frequently changing passwords, for example each month, as it leads to poor passwords being created.